There was a cross-site scripting vulnerability in an eBay domain that could have allowed an attacker to steal users’ session cookies and take over their accounts.
The company has removed the vulnerable page, according to the researcher who discovered the bug and disclosed it to eBay, Aditya Sood. The vulnerability existed on an eBay subdomain, svcs.ebay.com, and Sood said it specifically was in the SMS gateway on the page.
In order to exploit the vulnerability, an attacker could send an email or other communication to a victim containing the malicious code.
The attacker can exploit the vulnerability by sending a specially crafted URL with embedded script (or XSS payload) when the user is actively running session in the browser,” Sood said in an email
Sood said he disclosed the vulnerability to eBay back in June and the bug was fixed in late August. This is the latest bug that Sood has discovered in eBay sites. In March, he found a file upload and a patch disclosure vulnerability in an eBay site.
“The eBay server fails to implement secure header checks on the image files being uploaded on the server. It basically verifies the image extensions. As a result, it is possible to upload a camouflaged malicious file (EXE,PDF,etc.) with image file extension,” Sood said.